From: | Andreas Karlsson <andreas(at)proxel(dot)se> |
---|---|
To: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
Cc: | Michael Banck <michael(dot)banck(at)credativ(dot)de>, Peter Geoghegan <pg(at)heroku(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [PATCH] Reload SSL certificates on SIGHUP |
Date: | 2016-11-24 13:49:34 |
Message-ID: | cf48a889-e890-0441-a1ed-57aea18c4b23@proxel.se |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 11/24/2016 08:46 AM, Michael Paquier wrote:
> On Sat, Nov 12, 2016 at 3:42 AM, Andreas Karlsson <andreas(at)proxel(dot)se> wrote:
>> On 11/11/2016 07:40 PM, Andreas Karlsson wrote:
>>> Here is a new version of the patch with the only differences;
>>>
>>> 1) The SSL tests have been changed to use reload rather than restart
>
> Did you check if the tests pass? I am getting a couple of failures
> like this one:
> psql: server certificate for "common-name.pg-ssltest.test" does not
> match host name "127.0.0.1"
> not ok 11 - sslrootcert=ssl/root+server_ca.crt sslmode=verify-full
> Attached are the logs of the run I did, and the same behavior shows
> for macOS and Linux. The shape of the tests look correct to me after
> review. Still, seeing failing tests with sslmode=verify-full is a
> problem that needs to be addressed. This may be pointing to an
> incorrect CA load handling, though I could not spot a problem when
> going through the code.
Thanks for finding this. I will look at this more once I get home, but
the tests do not fail on my computer. I wonder what I do differently.
What versions of Perl and OpenSSL do you run and how did you run the
tests when the failed? I ran the tests by running "make check" inside
"src/test/ssl".
Andreas
From | Date | Subject | |
---|---|---|---|
Next Message | Craig Ringer | 2016-11-24 13:58:05 | Random PGDLLIMPORTing |
Previous Message | Alvaro Herrera | 2016-11-24 13:30:57 | Re: [bugfix] commit timestamps ERROR on lookup of FrozenTransactionId |